Cybersecurity & Compliance Administrator

Microsoft Purview Administration (Compliance & Data Governance)

• Configure and manage Purview capabilities to support compliance objectives, including data classification and labeling, data loss prevention (DLP), retention and deletion policies, eDiscovery workflows, and compliance reporting.
• Develop and maintain Purview‑derived compliance artifacts and evidence outputs to support assessments, audits, due diligence, and continuous monitoring aligned to CMMC 2.0 Level 2 and NIST SP 800‑171.
• Define and operate data retention and deletion procedures, integrating with Purview retention controls where appropriate

Microsoft Defender Administration (Threat Protection & Security Operations)

• Configure, tune, and operate Microsoft Defender security controls across identity, endpoints, email/collaboration, and cloud applications, consistent with licensing and compliance scope.
• Monitor alerts, investigate suspicious activity, and drive remediation actions; reducing noise through continuous tuning and improvements.
• Establish and maintain detection and response playbooks, including alert triage, escalation paths, documentation requirements, and post-incident follow-up.

Incident Response & Threat Prevention

• Own and maintain the Security Incident Response Plan, including severity definitions, roles and responsibilities, evidence handling, escalation paths, and internal/external communication procedures.
• Lead security incident response from identification through containment, eradication, recovery, and lessons learned.
• Perform root-cause analysis and coordinate corrective actions with IT administrative staff and relevant stakeholders.
• Proactively implement threat prevention measures: hardening, secure configuration baselines, conditional access/MFA enforcement support, and policy-driven risk reduction.
• Maintain an incident register covering actual, attempted, and suspected security incidents (including phishing attempts), investigations performed, and outcomes.

Compliance Enablement (CMMC L2 / NIST Controls)

• Maintain the System Security Plan (SSP) and Plan of Actions & Milestones (POA&M) for in‑scope systems, ensuring clear implementation statements, ownership, and evidence references.
• Support definition and maintenance of the CUI boundary, including systems, users, endpoints, networks, and data flows.
• Translate CMMC and NIST control requirements into concrete configurations, procedures, and ongoing monitoring activities across Microsoft 365, on‑prem infrastructure, and restricted or air‑gapped environments.
• Collect, organize, and maintain audit‑ready evidence to support internal assessments, customer diligence, and third‑party assessments.
• Define and maintain a centralized logging strategy (SIEM) spanning cloud and on‑prem environments, including ingestion of logs from identity systems, endpoints, email, servers, firewalls, VPNs, and IDS/IPS platforms.

On‑Prem & Air‑Gapped Security

• Establish and operate secure data transfer procedures for air‑gapped and restricted environments, including removable media governance, integrity validation, malware scanning, and chain‑of‑custody documentation.
• Partner with Network Architecture to design and maintain secure monitoring architectures for restricted and air‑gapped environments, including TAP/SPAN placement, IDS deployment, and segmentation alignment with OT/ICS security best practices

Security Engineering & Integrations

• Support integrations between cloud-based services and the Microsoft security/compliance ecosystem (e.g., log sources, alerting, ticketing workflows, SSO/identity integrations).
• Contribute to automation where appropriate (e.g., scheduled scripts, workflows, or playbook-style response actions).

Cross-Functional Collaboration & Communication

• Work closely with IT and engineering teams to ensure smooth operations and secure-by-default practices.
• Document, categorize, and prioritize security issues to ensure efficient escalation and resolution.
• Enforce approved security, compliance, and privacy policies and contribute to ongoing policy development and improvement.
• Collaborate with Network Architecture on secure network design, segmentation strategy, and enforcement controls including firewall policy, IDS/IPS, and Zero Trust network principles.
• Collaborate with Network Architecture on secure network design, segmentation strategy, and enforcement controls including firewall policy, IDS/IPS, and Zero Trust network principles
• Implement privacy impact assessments (PIAs) for new systems or processes involving personal data.
• Partner with Legal and HR to document the company’s GDPR and CCPA applicability position, including the basis where such laws do not apply. 
• Support inclusion of appropriate data privacy and security terms in third‑party contracts and service agreements.

• Education: Bachelor’s degree (or equivalent practical experience) in information technology, cybersecurity, information systems, or a related field. 
• Experienece: 7+ years of experience in security administration, security operations, compliance operations, or adjacent IT roles with direct security responsibility.
• Demonstrated hands‑on experience administering Microsoft 365 security and compliance services, including Microsoft Purview and Microsoft Defender in an enterprise environment. 
• Proven background in security incident response, investigation, and documentation in regulated or high‑risk environments. 
• Working knowledge of system security best practices, access control, secure configuration, and audit logging. 
• Strong written and verbal communication skills; able to translate technical security risk into clear, actionable steps and documentation. 
• Comfortable operating as a self‑directed individual contributor in a fast‑paced and evolving environment.
• Excellent technical and interpersonal communication skills; able to translate security risk into actionable steps.
• Comfortable in a fast-paced, dynamic, and ambiguous environment.
• Positive attitude, strong ownership mindset, strong professional judgement and ability to earn trust and maintain professional relationships.
• Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder), or lawfully admitted into the U.S. as a refugee of granted asylum 

• Direct experience implementing or operating CMMC Level 2 and/or NIST SP 800‑171 controls, including evidence collection and assessment preparation. 
• Experience with centralized logging or SIEM platforms and detection playbook development. 
• Experience with cloud-based service integrations (webhooks/REST APIs) and security-relevant automation.
• Experience with security-related scripting/automation practices and languages (Python, JavaScript, Ansible, SOAR‑style workflows etc.).
• Familiarity with hybrid cloud and on‑prem infrastructure in regulated environments, including air‑gapped networks.